From 148199572c28f425f938fb5ace5edaabb291f2fd Mon Sep 17 00:00:00 2001
From: Jacques ROUSSEL
Date: Tue, 30 Apr 2024 10:20:46 +0200
Subject: [PATCH] [CI] Add docker build
---
.github/workflows/docker-build.yaml | 62 +++++++++++++++++++++++++++++
.github/workflows/secrets.enc.env | 11 +++++
.sops.yaml | 7 ++++
dockerfiles/goofys/Dockerfile | 3 +-
scripts/install-hooks.sh | 30 ++++++++++++++
scripts/updatekeys.sh | 3 ++
6 files changed, 115 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/docker-build.yaml
create mode 100644 .github/workflows/secrets.enc.env
create mode 100644 .sops.yaml
create mode 100755 scripts/install-hooks.sh
create mode 100755 scripts/updatekeys.sh
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
new file mode 100644
index 0000000..545a0ed
--- /dev/null
+++ b/.github/workflows/docker-build.yaml
@@ -0,0 +1,62 @@
+name: Docker Hub Workflow
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - 'main'
+
+env:
+ DOCKER_USER: 1001:127
+
+jobs:
+ build-and-push-backend:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - dockerfile: dockerfiles/goofys/Dockerfile
+ image: lasuite/goofys
+ path: dockerfiles/goofys
+ cmd_version: "echo \"VERSION=$( awk '/VERSION/ {print substr($3, 2)}' dockerfiles/goofys/Dockerfile)\" >> $GITHUB_ENV"
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v4
+ -
+ name: Read version
+ run: ${{ matrix.cmd_version }}
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ matrix.image }}
+ tags: |
+ type=pep440,pattern={{version}},value=${{ env.VERSION }}
+ -
+ name: Load sops secrets
+ uses: rouja/actions-sops@main
+ with:
+ secret-file: .github/workflows/secrets.enc.env
+ age-key: ${{ secrets.SOPS_PRIVATE }}
+ -
+ name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
+ -
+ name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.path }}
+ file: ${{ matrix.dockerfile }}
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
diff --git a/.github/workflows/secrets.enc.env b/.github/workflows/secrets.enc.env
new file mode 100644
index 0000000..829676d
--- /dev/null
+++ b/.github/workflows/secrets.enc.env
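Review bot: The `Load sops secrets` step has no condition, so on `pull_request` runs the Docker Hub credentials are still decrypted into the job although `push:` evaluates to false and the login step is skipped; give it the same guard, `if: github.event_name != 'pull_request'`, which also keeps fork PRs (where `secrets.SOPS_PRIVATE` is not provided) from failing at the decrypt step. That decryption is done by `uses: rouja/actions-sops@main`, a mutable branch reference for the action that receives the age private key and the registry password — pin it to a full commit SHA, and ideally the other actions too. `run: ${{ matrix.cmd_version }}` executes an expression as the step script; the value is defined in this file so it is not attacker-controlled here, but writing the awk command directly in `run:` and passing `${{ matrix.dockerfile }}` through `env:` keeps the workflow readable and avoids the expression-in-script pattern. `DOCKER_USER: 1001:127` is not referenced anywhere in this workflow and, if kept, should be quoted as `"1001:127"` so no YAML loader retypes it. The encrypted env file in the next hunk also contains a `SOPS_PRIVATE` entry; if the action exports every decrypted key as an environment variable, the age private key itself becomes visible to every later step, so confirm that entry is needed.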
@@ -0,0 +1,11 @@
+SOPS_PRIVATE=ENC[AES256_GCM,data:dnmMX41o1puCyAdtURv1O63zi23MJfATLDL+Os3QJS5jemm6rEa5g3Yrm19U+WOVKpNA8gTU1OXen1JbLgvjQLzSlbIbXWushDg=,iv:AsWQ3VsFw8LsreGx9VxvDhaeCQS3sSw7yebdDEmjNvc=,tag:XhOAwuIe8jEshXo9T1ghLA==,type:str]
+DOCKER_HUB_PASSWORD=ENC[AES256_GCM,data:cl8ULZC2/AYeDN8=,iv:ZnokC118+ECokaIbNOU1YVFkWkxkGPUpBCx9iYsncWE=,tag:KlZ4EBB4iwMcZBFLhm0R8g==,type:str]
+DOCKER_HUB_USER=ENC[AES256_GCM,data:Jnf+l4GWmQ==,iv:OWvqUFg2wvCRH8/OJ/HBeE7WCEOdWqe1q9NEKsJJdzI=,tag:K6XzPXQ4U1oYd65eXn0Y8A==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZml0NlpIYllrZ20vN1Fl\ncUpRSERpNzhQMWFnT0ZibGV5cC9ueXcyMHlVCnpxY3BxbmNLNXpaVW9odkNLUjNR\nMnNvNmZ1WXcreThOZUtoVEdGNStTSDAKLS0tIFdETXo4ekVJSEJDeXFpWnZMVkFW\ncDFxZEg0VUswOGVJRmlIRmhoeTF1TEEKMWTYcmopAk1DDrB48r3VMdSbhbIiAIcv\nezr3p1TlnyddN7mCJQDwxYdiIc/fo3KGzmh+NxCuG7N2+M48YKIr9g==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ1dOcXp0Q2hiaW1hYm1W\nN3ZlR2hjbVphclU2MDViNjJFWmx3cHlDaGx3CitSMlBZRWJFQlZSL2RTNjNJNDlH\nZXVtUmxqbUIxY0IrVGZaTmxlc2N6VUEKLS0tIDJjOWp5OXdKcUMxSmZYRUI0ck9G\ndUFNMk9aRFlKVGVMYm5zcTAyTFAvTncKtreq0BMHA11PRV7LXTvGdEx47C+CfbM1\ng9QhopVofsKYqnwFblcRIL31XiiGIBRNo9mskZcNauY87axQYj22ZQ==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1lj633f3hmscvy0nsewqej8k3jrk9wkhrgw4lafx0p9748ncvjs3qkvdd3d
+sops_lastmodified=2024-04-30T08:20:26Z
+sops_mac=ENC[AES256_GCM,data:49O5/5tbLVOAgZQITlKdD6kdGb7k8AMU25NIQEX/h96uLbsld9OK6R55pZet318sD/vbT38Kr+GZ50arZKiFCxqkQ51CdNWnmnXLOrpkDYiBTC6oL4F3SruQyK5iHXg1gxMWOGwT2kaFnqejltx5ksIexJdz9D+E8rLi38+fogE=,iv:H/m/xY3L/mvYWA36dzh6EQWC3+UcySzwf1JbqY+ueXI=,tag:ePRjHn0hmOPO2l3/K6GSJw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.8.1
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..9c12943 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +creation_rules: + # Using a single-key group to be able to use per-key comments, + # see https://github.com/getsops/sops/issues/845#issuecomment-1364109772 + - key_groups: + - age: + - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x # jacques + - age1lj633f3hmscvy0nsewqej8k3jrk9wkhrgw4lafx0p9748ncvjs3qkvdd3d # github diff --git a/dockerfiles/goofys/Dockerfile b/dockerfiles/goofys/Dockerfile index 4fb60ec..fbc8d0e 100644 --- a/dockerfiles/goofys/Dockerfile +++ b/dockerfiles/goofys/Dockerfile @@ -1,5 +1,6 @@ FROM golang:1.22.2 +ENV VERSION v0.24.0 RUN apt update ;\ apt install -y git fuse ;\ @@ -8,7 +9,7 @@ RUN apt update ;\ go get github.com/kahing/goofys ;\ go install github.com/kahing/goofys ;\ curl -sSL -o /usr/local/bin/catfs \ - https://github.com/kahing/catfs/releases/download/v0.8.0/catfs ;\ + https://github.com/kahing/catfs/releases/download/v0.9.0/catfs ;\ chmod +x /usr/local/bin/catfs ARG ENDPOINT diff --git a/scripts/install-hooks.sh b/scripts/install-hooks.sh new file mode 100755 index 0000000..7d1c790 --- /dev/null +++ b/scripts/install-hooks.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +mkdir -p "$(dirname -- "${BASH_SOURCE[0]}")/../.git/hooks/" +PRE_COMMIT_FILE="$(dirname -- "${BASH_SOURCE[0]}")/../.git/hooks/pre-commit" + +cat <<'EOF' >$PRE_COMMIT_FILE +#!/bin/bash + +# directories containing potential secrets +DIRS="." + +bold=$(tput bold) +normal=$(tput sgr0) + +# allow to read user input, assigns stdin to keyboard +exec
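Review bot: `ENV VERSION v0.24.0` is only read back by the workflow's awk step to tag the image; the build still runs `go get github.com/kahing/goofys ;\` and `go install github.com/kahing/goofys ;\` without any version, so the published tag may not describe the binary actually installed. Pin the install to the declared version, for instance `go install github.com/kahing/goofys@${VERSION}` — the start of that `RUN` block is only partly visible in the first hunk, so the exact form depends on whether module mode is in effect there. The changed line in the second hunk, `https://github.com/kahing/catfs/releases/download/v0.9.0/catfs ;\`, still fetches a release binary with no integrity check; verifying it before `chmod +x`, e.g. `echo "<sha256-of-catfs-v0.9.0>  /usr/local/bin/catfs" | sha256sum -c`, would pin what ends up in the image. Both `RUN` chains join commands with ` ;\` rather than ` && \`, so a failed `go install` or `curl` does not fail the build — only the final command's exit status is reported.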